Monday, September 19, 2005

Security threat in Internet Explorer

hi!! here is a major security threat in IE. Using jes a line of javascript or vbscript, u can retrieve text from clipboard. And using technology such as AJAX, it is possible to send it to the server without page refresh i.e. user willnt know that some communication has happened between his sys & the server. 1 e.g. where AJAX is used is wen u sign up for a new mail account at gmail or yahoo. It gives u a button to check whether the user id u selected is available or not & the result is almost instantaneous without the whole page refreshing.

Btw, i read abt this somewhere around 2 weeks ago, but i understood the threat & its severeness when i was reading Sudar's blog yesterday. Thanks 2 u sudar!!

Click on the links to get more information, a demo and a possible(not fool-proof) way to get rid of this problem.

1 more thing, this problem occurs only in internet explorer and i feel its mainly because of the extensive support of activeX controls. if u have some thoughts 2 share, dont hesitate to post a comment.